ucentral: development update

* update netifd
* update hostapd
* update mt76
* update maverick
* add dynamic vlan
* update ucentral-client
* update ucentral-schema
* update ucode
* update 5.10 patches
* fix realtek

Signed-off-by: John Crispin <john@phrozen.org>

backports/0003-kernel-add-linux-5.10-support.patch

@@ -1,7 +1,7 @@
-From 16ff9017e964d6429efeaad3e767522cb29da244 Mon Sep 17 00:00:00 2001
+From 0f37bb5919d96aaca7b0d06b56d37dabba87b190 Mon Sep 17 00:00:00 2001
 From: Felix Fietkau <nbd@nbd.name>
 Date: Sat, 24 Oct 2020 21:14:16 +0200
-Subject: [PATCH 01/39] kernel: add linux 5.10 support
+Subject: [PATCH 01/45] kernel: add linux 5.10 support
 
 Signed-off-by: Felix Fietkau <nbd@nbd.name>
 ---
@@ -34,6 +34,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  ...threaded-able-napi-poll-loop-support.patch |  261 +
  ...tribute-to-control-napi-threaded-mod.patch |  177 +
  ...ween-napi-kthread-mode-and-busy-poll.patch |   93 +
+ ...up-on-napi_disable-for-threaded-napi.patch |   53 +
  ...y-switchdev-of-disappearance-of-old-.patch |  126 +
  ...r-when-a-non-legacy-FDB-operation-fa.patch |   52 +
  ...e-switchdev_notifier_fdb_info-in-dsa.patch |  226 +
@@ -218,7 +219,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  .../pending-5.10/834-ledtrig-libata.patch     |  149 +
  ...40-hwrng-bcm2835-set-quality-to-1000.patch |   26 +
  .../pending-5.10/920-mangle_bootargs.patch    |   71 +
- 213 files changed, 37353 insertions(+), 54 deletions(-)
+ 214 files changed, 37406 insertions(+), 54 deletions(-)
  create mode 100644 target/linux/generic/backport-5.10/010-Kbuild-don-t-hardcode-path-to-awk-in-scripts-ld-vers.patch
  create mode 100644 target/linux/generic/backport-5.10/011-kbuild-export-SUBARCH.patch
  create mode 100644 target/linux/generic/backport-5.10/071-crypto-arm-chacha-neon-optimize-for-non-block-size-m.patch
@@ -240,6 +241,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  create mode 100644 target/linux/generic/backport-5.10/601-v5.12-net-implement-threaded-able-napi-poll-loop-support.patch
  create mode 100644 target/linux/generic/backport-5.10/602-v5.12-net-add-sysfs-attribute-to-control-napi-threaded-mod.patch
  create mode 100644 target/linux/generic/backport-5.10/603-v5.12-net-fix-race-between-napi-kthread-mode-and-busy-poll.patch
+ create mode 100644 target/linux/generic/backport-5.10/604-v5.12-net-fix-hangup-on-napi_disable-for-threaded-napi.patch
  create mode 100644 target/linux/generic/backport-5.10/770-v5.12-net-bridge-notify-switchdev-of-disappearance-of-old-.patch
  create mode 100644 target/linux/generic/backport-5.10/771-v5.12-net-dsa-be-louder-when-a-non-legacy-FDB-operation-fa.patch
  create mode 100644 target/linux/generic/backport-5.10/772-v5.12-net-dsa-don-t-use-switchdev_notifier_fdb_info-in-dsa.patch
@@ -3849,6 +3851,65 @@ index 0000000000..dddc35918e
 + 		set_current_state(TASK_INTERRUPTIBLE);
 + 	}
 + 	__set_current_state(TASK_RUNNING);
+diff --git a/target/linux/generic/backport-5.10/604-v5.12-net-fix-hangup-on-napi_disable-for-threaded-napi.patch b/target/linux/generic/backport-5.10/604-v5.12-net-fix-hangup-on-napi_disable-for-threaded-napi.patch
+new file mode 100644
+index 0000000000..4b83641291
+--- /dev/null
++++ b/target/linux/generic/backport-5.10/604-v5.12-net-fix-hangup-on-napi_disable-for-threaded-napi.patch
+@@ -0,0 +1,53 @@
++From: Paolo Abeni <pabeni@redhat.com>
++Date: Fri, 9 Apr 2021 17:24:17 +0200
++Subject: [PATCH] net: fix hangup on napi_disable for threaded napi
++
++napi_disable() is subject to an hangup, when the threaded
++mode is enabled and the napi is under heavy traffic.
++
++If the relevant napi has been scheduled and the napi_disable()
++kicks in before the next napi_threaded_wait() completes - so
++that the latter quits due to the napi_disable_pending() condition,
++the existing code leaves the NAPI_STATE_SCHED bit set and the
++napi_disable() loop waiting for such bit will hang.
++
++This patch addresses the issue by dropping the NAPI_STATE_DISABLE
++bit test in napi_thread_wait(). The later napi_threaded_poll()
++iteration will take care of clearing the NAPI_STATE_SCHED.
++
++This also addresses a related problem reported by Jakub:
++before this patch a napi_disable()/napi_enable() pair killed
++the napi thread, effectively disabling the threaded mode.
++On the patched kernel napi_disable() simply stops scheduling
++the relevant thread.
++
++v1 -> v2:
++  - let the main napi_thread_poll() loop clear the SCHED bit
++
++Reported-by: Jakub Kicinski <kuba@kernel.org>
++Fixes: 29863d41bb6e ("net: implement threaded-able napi poll loop support")
++Signed-off-by: Paolo Abeni <pabeni@redhat.com>
++Reviewed-by: Eric Dumazet <edumazet@google.com>
++Link: https://lore.kernel.org/r/883923fa22745a9589e8610962b7dc59df09fb1f.1617981844.git.pabeni@redhat.com
++Signed-off-by: Jakub Kicinski <kuba@kernel.org>
++---
++
++--- a/net/core/dev.c
+++++ b/net/core/dev.c
++@@ -6951,7 +6951,7 @@ static int napi_thread_wait(struct napi_
++ 
++ 	set_current_state(TASK_INTERRUPTIBLE);
++ 
++-	while (!kthread_should_stop() && !napi_disable_pending(napi)) {
+++	while (!kthread_should_stop()) {
++ 		/* Testing SCHED_THREADED bit here to make sure the current
++ 		 * kthread owns this napi and could poll on this napi.
++ 		 * Testing SCHED bit is not enough because SCHED bit might be
++@@ -6969,6 +6969,7 @@ static int napi_thread_wait(struct napi_
++ 		set_current_state(TASK_INTERRUPTIBLE);
++ 	}
++ 	__set_current_state(TASK_RUNNING);
+++
++ 	return -1;
++ }
++ 
 diff --git a/target/linux/generic/backport-5.10/770-v5.12-net-bridge-notify-switchdev-of-disappearance-of-old-.patch b/target/linux/generic/backport-5.10/770-v5.12-net-bridge-notify-switchdev-of-disappearance-of-old-.patch
 new file mode 100644
 index 0000000000..c43cb4d1f2

backports/0008-realtek-update-to-latest-owrt-HEAD.patch

@@ -1,7 +1,7 @@
-From 4846fa664105f251140cca009480944b70579170 Mon Sep 17 00:00:00 2001
+From cd5d073a6469beb8e7a3a267672e34baa73cbd83 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Tue, 16 Mar 2021 10:46:51 +0100
-Subject: [PATCH 01/38] realtek: update to latest owrt HEAD
+Subject: [PATCH 01/40] realtek: update to latest owrt HEAD
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
@@ -11,7 +11,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  target/linux/realtek/config-5.4               |  31 +-
  .../realtek/dts/rtl8380_zyxel_gs1900-10hp.dts |  20 +-
  .../dts/rtl8392_edgecore_ecs4100-12ph.dts     | 297 +++++++++
- target/linux/realtek/dts/rtl839x.dtsi         | 201 ++++++
+ target/linux/realtek/dts/rtl839x.dtsi         | 197 ++++++
  .../include/asm/mach-rtl838x/mach-rtl83xx.h   |  23 +-
  .../files-5.4/arch/mips/rtl838x/setup.c       |  18 -
  .../files-5.4/drivers/gpio/edgecore_reboot.c  |  61 ++
@@ -34,7 +34,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  .../realtek/patches-5.4/708-poor-stp.patch    |  16 +
  .../realtek/patches-5.4/710-adt7470.patch     |  22 +
  .../realtek/patches-5.4/711-ec4100.patch      |  41 ++
- 29 files changed, 3789 insertions(+), 799 deletions(-)
+ 29 files changed, 3785 insertions(+), 799 deletions(-)
  create mode 100644 target/linux/realtek/dts/rtl8392_edgecore_ecs4100-12ph.dts
  create mode 100644 target/linux/realtek/dts/rtl839x.dtsi
  create mode 100644 target/linux/realtek/files-5.4/drivers/gpio/edgecore_reboot.c
@@ -79,7 +79,7 @@ index 699ab817dd..36ca01a696 100755
  
  board=$(board_name)
 diff --git a/target/linux/realtek/base-files/etc/board.d/02_network b/target/linux/realtek/base-files/etc/board.d/02_network
-index 2568fd2e0e..4d025b0975 100755
+index 2568fd2e0e..2b82ccb0aa 100755
 --- a/target/linux/realtek/base-files/etc/board.d/02_network
 +++ b/target/linux/realtek/base-files/etc/board.d/02_network
 @@ -49,6 +49,9 @@ done
@@ -87,7 +87,7 @@ index 2568fd2e0e..4d025b0975 100755
  
  case $board in
 +edgecore,ecs4100-12ph)
-+	ucidef_set_poe 60 "$lan_list"
++	ucidef_set_poe 130 "lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8"
 +	;;
  netgear,gs110tpp-v1)
  	ucidef_set_poe 130 "$lan_list"
@@ -555,10 +555,10 @@ index 0000000000..303b79ac83
 +};
 diff --git a/target/linux/realtek/dts/rtl839x.dtsi b/target/linux/realtek/dts/rtl839x.dtsi
 new file mode 100644
-index 0000000000..9b41804ecf
+index 0000000000..9816b2a09b
 --- /dev/null
 +++ b/target/linux/realtek/dts/rtl839x.dtsi
-@@ -0,0 +1,201 @@
+@@ -0,0 +1,197 @@
 +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 +
 +/dts-v1/;
@@ -703,10 +703,6 @@ index 0000000000..9b41804ecf
 +		gpio-controller;
 +		#gpio-cells = <2>;
 +		ngpios = <24>;
-+		interrupt-controller;
-+		#interrupt-cells = <2>;
-+		interrupt-parent = <&intc>;
-+		interrupts = <23>;
 +	};
 +
 +	gpio1: rtl8231-gpio {

backports/0037-netifd-update-to-latest-HEAD.patch

@@ -1,7 +1,7 @@
-From a830b2677c7076d93ab35a90ec12d382b64551d0 Mon Sep 17 00:00:00 2001
+From 4edc2c70973ac0f030186cc1b09423d14395fe73 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Thu, 27 May 2021 13:24:47 +0200
-Subject: [PATCH 37/40] netifd: update to latest HEAD
+Subject: [PATCH 07/40] netifd: update to latest HEAD
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
@@ -12,7 +12,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  create mode 100644 package/network/config/netifd/files/etc/udhcpc.user
 
 diff --git a/package/network/config/netifd/Makefile b/package/network/config/netifd/Makefile
-index 7061456b08..2f6b779e6d 100644
+index 7061456b08..cce2529ac8 100644
 --- a/package/network/config/netifd/Makefile
 +++ b/package/network/config/netifd/Makefile
 @@ -5,9 +5,9 @@ PKG_RELEASE:=1
@@ -23,8 +23,8 @@ index 7061456b08..2f6b779e6d 100644
 -PKG_SOURCE_VERSION:=c00c8335d6188daa326ecfe5a62da15a9b9987e1
 -PKG_MIRROR_HASH:=c740e51e0cec13eec336ba1c7a643db3b64a9a2235f8c1b73a566cb89e841190
 +PKG_SOURCE_DATE:=2021-05-26
-+PKG_SOURCE_VERSION:=899c2a4520526d43113f73cf673f20e2486a40fb
-+PKG_MIRROR_HASH:=354905192b30af88ea953241ed332555e67cdb7e3b54dd139250bf1e6ad3a709
++PKG_SOURCE_VERSION:=50381d0a2998f6c0fc4823f0c2aa4206063d549e
++PKG_MIRROR_HASH:=
  PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
  
  PKG_LICENSE:=GPL-2.0

backports/0039-hostapd-upsate-to-latest-HEAD.patch

@@ -1,12 +1,13 @@
-From 61fa1ae5ea6a9b80810ed18f88d9fada6a7cc73f Mon Sep 17 00:00:00 2001
+From 3193e901764618b5e8b9be008be52312a8d733ac Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Thu, 27 May 2021 13:25:19 +0200
-Subject: [PATCH 01/32] hostapd: upsate to latest HEAD
+Subject: [PATCH 09/40] hostapd: upsate to latest HEAD
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
  package/network/services/hostapd/Makefile     |   9 +-
  .../hostapd/files/hostapd-basic.config        |   2 +-
+ .../hostapd/files/hostapd-full.config         |   4 +-
  .../network/services/hostapd/files/hostapd.sh | 117 ++++++--
  ...-fix-frequency-setup-with-HE-enabled.patch | 196 -------------
  .../001-wolfssl-init-RNG-with-ECC-key.patch   |  43 +++
@@ -58,14 +59,14 @@ Signed-off-by: John Crispin <john@phrozen.org>
  .../patches/500-lto-jobserver-support.patch   |  19 +-
  .../hostapd/patches/600-ubus_support.patch    | 125 ++++++---
  .../hostapd/patches/700-wifi-reload.patch     |  51 ++--
- .../hostapd/patches/710-vlan_no_bridge.patch  |  33 +++
+ .../hostapd/patches/710-vlan_no_bridge.patch  |  41 +++
  .../720-ACS-fix-channel-100-frequency.patch   |  30 ++
  .../patches/720-iface_max_num_sta.patch       |  82 ++++++
  ...ate-if-no-available-channel-is-found.patch |  37 ---
  ...of-secondary-device-types-for-P2P-gr.patch |  33 ---
  .../services/hostapd/src/src/ap/ubus.c        |  70 ++++-
  .../services/hostapd/src/src/ap/ubus.h        |  16 ++
- 60 files changed, 681 insertions(+), 2310 deletions(-)
+ 61 files changed, 691 insertions(+), 2312 deletions(-)
  delete mode 100644 package/network/services/hostapd/patches/001-HE-VHT-fix-frequency-setup-with-HE-enabled.patch
  create mode 100644 package/network/services/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch
  delete mode 100644 package/network/services/hostapd/patches/002-mesh-fix-channel-init-order-disable-pri-sec-channel-.patch
@@ -141,8 +142,25 @@ index 947e2fa200..33c38192b1 100644
  
  # Override default value for the wpa_disable_eapol_key_retries configuration
  # parameter. See that parameter in hostapd.conf for more details.
+diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config
+index df272e443a..61b6daf861 100644
+--- a/package/network/services/hostapd/files/hostapd-full.config
++++ b/package/network/services/hostapd/files/hostapd-full.config
+@@ -94,10 +94,10 @@ CONFIG_EAP_TTLS=y
+ #CONFIG_EAP_PAX=y
+ 
+ # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+-#CONFIG_EAP_PSK=y
++CONFIG_EAP_PSK=y
+ 
+ # EAP-pwd for the integrated EAP server (secure authentication with a password)
+-#CONFIG_EAP_PWD=y
++CONFIG_EAP_PWD=y
+ 
+ # EAP-SAKE for the integrated EAP server
+ #CONFIG_EAP_SAKE=y
 diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
-index 45a49b8faa..7981f02ed6 100644
+index 45a49b8faa..f90cfebc5e 100644
 --- a/package/network/services/hostapd/files/hostapd.sh
 +++ b/package/network/services/hostapd/files/hostapd.sh
 @@ -91,6 +91,7 @@ hostapd_add_log_config() {
@@ -268,11 +286,11 @@ index 45a49b8faa..7981f02ed6 100644
  }
  
 +append_radius_acct_req_attr() {
-+	append bss_conf "radius_acct_req_attr=$1" "$N"
++	[ -n "$1" ] && append bss_conf "radius_acct_req_attr=$1" "$N"
 +}
 +
 +append_radius_auth_req_attr() {
-+	append bss_conf "radius_auth_req_attr=$1" "$N"
++	[ -n "$1" ] &&  append bss_conf "radius_auth_req_attr=$1" "$N"
 +}
 +
  append_airtime_sta_weight() {
@@ -4542,10 +4560,10 @@ index d5520d0b77..5993b0d445 100644
   
 diff --git a/package/network/services/hostapd/patches/710-vlan_no_bridge.patch b/package/network/services/hostapd/patches/710-vlan_no_bridge.patch
 new file mode 100644
-index 0000000000..d5aa33520b
+index 0000000000..73db32e54a
 --- /dev/null
 +++ b/package/network/services/hostapd/patches/710-vlan_no_bridge.patch
-@@ -0,0 +1,33 @@
+@@ -0,0 +1,41 @@
 +--- a/src/ap/ap_config.h
 ++++ b/src/ap/ap_config.h
 +@@ -115,6 +115,7 @@ struct hostapd_ssid {
@@ -4558,16 +4576,24 @@ index 0000000000..d5aa33520b
 + #define DYNAMIC_VLAN_NAMING_END 2
 +--- a/src/ap/vlan_full.c
 ++++ b/src/ap/vlan_full.c
-+@@ -466,6 +466,9 @@ void vlan_newlink(const char *ifname, st
-+ 
-+ 	wpa_printf(MSG_DEBUG, "VLAN: vlan_newlink(%s)", ifname);
++@@ -475,6 +475,9 @@ void vlan_newlink(const char *ifname, st
++ 	if (!vlan)
++ 		return;
 + 
 ++	if (hapd->conf->ssid.vlan_no_bridge)
-++		return;
+++		goto out;
 ++
-+ 	for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
-+ 		if (vlan->configured ||
-+ 		    os_strcmp(ifname, vlan->ifname) != 0)
++ 	vlan->configured = 1;
++ 
++ 	notempty = vlan->vlan_desc.notempty;
++@@ -506,6 +509,7 @@ void vlan_newlink(const char *ifname, st
++ 				    ifname, br_name, tagged[i], hapd);
++ 	}
++ 
+++out:
++ 	ifconfig_up(ifname);
++ }
++ 
 +--- a/hostapd/config_file.c
 ++++ b/hostapd/config_file.c
 +@@ -3366,6 +3366,8 @@ static int hostapd_config_fill(struct ho

backports/0040-mt76-update-to-latest-HEAD.patch

@@ -1,15 +1,15 @@
-From d0634b3177d6aeaaf71d1fe4f143846a6d47fea5 Mon Sep 17 00:00:00 2001
+From b6529b11c38b887413cd05138bb81fca5878564c Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Thu, 27 May 2021 13:25:41 +0200
-Subject: [PATCH 40/40] mt76: update to latest HEAD
+Subject: [PATCH 15/45] mt76: update to latest HEAD
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
- package/kernel/mt76/Makefile | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
+ package/kernel/mt76/Makefile | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
 
 diff --git a/package/kernel/mt76/Makefile b/package/kernel/mt76/Makefile
-index e9e95fa9b3..5104c3ec53 100644
+index e9e95fa9b3..8a98c4bfc0 100644
 --- a/package/kernel/mt76/Makefile
 +++ b/package/kernel/mt76/Makefile
 @@ -8,9 +8,9 @@ PKG_LICENSE_FILES:=
@@ -19,12 +19,30 @@ index e9e95fa9b3..5104c3ec53 100644
 -PKG_SOURCE_DATE:=2021-04-11
 -PKG_SOURCE_VERSION:=bf45b30d891961dd7c4139dddb58b909ea2c2b5a
 -PKG_MIRROR_HASH:=431cecf80dafa986e805f809522721c2bb26289867d6770695d49baf8b471bea
-+PKG_SOURCE_DATE:=2021-05-15
-+PKG_SOURCE_VERSION:=9d736545bb5ac9707e60b7900b7d6b290492e24d
-+PKG_MIRROR_HASH:=8fd98f488579c18cfd8c442cff1796dcd70e2ecbc59c5d5b92ee8c0f06efafcf
++PKG_SOURCE_DATE:=2021-06-02
++PKG_SOURCE_VERSION:=b9f09f530223893c0880c3b08fdb2afe55d152e1
++PKG_MIRROR_HASH:=4a8a8189c70d2f169ec69484c74af9221c1c3b62932624b049f3b23988f11d89
  
  PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
  PKG_BUILD_PARALLEL:=1
+@@ -155,7 +155,7 @@ define KernelPackage/mt7615-common
+   $(KernelPackage/mt76-default)
+   TITLE:=MediaTek MT7615 wireless driver common code
+   HIDDEN:=1
+-  DEPENDS+=@PCI_SUPPORT +kmod-mt76-core +kmod-mt76-connac
++  DEPENDS+=@PCI_SUPPORT +kmod-mt76-core +kmod-mt76-connac +kmod-hwmon-core
+   FILES:= $(PKG_BUILD_DIR)/mt7615/mt7615-common.ko
+ endef
+ 
+@@ -213,7 +213,7 @@ endef
+ define KernelPackage/mt7915e
+   $(KernelPackage/mt76-default)
+   TITLE:=MediaTek MT7915e wireless driver
+-  DEPENDS+=@PCI_SUPPORT +kmod-mt7615-common +@DRIVER_11AX_SUPPORT
++  DEPENDS+=@PCI_SUPPORT +kmod-mt7615-common +kmod-hwmon-core +@DRIVER_11AX_SUPPORT
+   FILES:= $(PKG_BUILD_DIR)/mt7915/mt7915e.ko
+   AUTOLOAD:=$(call AutoProbe,mt7915e)
+ endef
 -- 
 2.25.1
 

feeds/realtek/realtek-poe/files/etc/config/poe

@@ -6,4 +6,53 @@ config port
 	option id	'1'
 	option name	'lan1'
 	option poe_plus	'1'
+	option priority	'3'
+
+config port
+	option enable	'1'
+	option id	'2'
+	option name	'lan2'
+	option poe_plus	'1'
+	option priority	'3'
+
+config port
+	option enable	'1'
+	option id	'3'
+	option name	'lan3'
+	option poe_plus	'1'
 	option priority	'2'
+
+config port
+	option enable	'1'
+	option id	'4'
+	option name	'lan4'
+	option poe_plus	'1'
+	option priority	'2'
+
+config port
+	option enable	'1'
+	option id	'5'
+	option name	'lan5'
+	option poe_plus	'1'
+	option priority	'1'
+
+config port
+	option enable	'1'
+	option id	'6'
+	option name	'lan6'
+	option poe_plus	'1'
+	option priority	'1'
+
+config port
+	option enable	'1'
+	option id	'7'
+	option name	'lan7'
+	option poe_plus	'1'
+	option priority	'0'
+
+config port
+	option enable	'1'
+	option id	'8'
+	option name	'lan8'
+	option poe_plus	'1'
+	option priority	'0'

feeds/tip/maverick/files/usr/libexec/ucentral/maverick.sh

@@ -1,5 +1,9 @@
 #!/bin/sh
 
+active=$(ubus call ucentral status | jsonfilter -e '@.active')
+
+[ -n "$active" -a ! "$active" -eq 1 ] && exit 0
+
 rm /etc/config/network /etc/config/wireless
 cp /rom/etc/config/uhttpd /rom/etc/config/firewall /rom/etc/config/dhcp /rom/etc/config/dropbear /etc/config
 config_generate

feeds/tip/maverick/src/maverick.c

@@ -11,15 +11,6 @@
 static void
 maverick_cb(struct uloop_timeout *delay)
 {
-	char link[PATH_MAX] = { };
-
-	if (readlink("/etc/ucentral/ucentral.active", link, PATH_MAX) != -1 &&
-	    strcmp(link, "/etc/ucentral/ucentral.cfg.0000000001")) {
-		ULOG_INFO("found an active symlink\n");
-		uloop_end();
-		return;
-	}
-
 	ULOG_INFO("triggering maverick");
 	if (system("/usr/libexec/ucentral/maverick.sh"))
 		ULOG_ERR("failed to launch Maverick");

feeds/ucentral/dynamic-vlan/Makefile

@@ -0,0 +1,30 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dynamic-vlan
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL=https://github.com/blogic/dynamic-vlan.git
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_DATE:=2021-06-04
+PKG_SOURCE_VERSION:=87dbb04fd0c44ac3d6bc851610ba37eebbb7a3c3
+
+PKG_MAINTAINER:=John Crispin <john@phrozen.org>
+PKG_LICENSE:=BSD-3-Clause
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/dynamic-vlan
+  SECTION:=ucentral
+  CATEGORY:=uCentral
+  TITLE:=dynamic VLAN netifd helper
+  DEPENDS:=+libubox +libubus
+endef
+
+define Package/dynamic-vlan/install
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d 
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dynamic-vlan $(1)/usr/sbin/
+	$(INSTALL_BIN) ./files/dynamic-vlan $(1)/etc/init.d/
+endef
+
+$(eval $(call BuildPackage,dynamic-vlan))

feeds/ucentral/dynamic-vlan/files/dynamic-vlan

@@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+
+START=80
+
+USE_PROCD=1
+PROG=/usr/sbin/dynamic-vlan
+
+start_service() {
+	wan=$(cat /etc/board.json | jsonfilter -e '@.network.wan.ifname')
+	procd_open_instance
+	procd_set_param command "$PROG" $wan
+	procd_set_param respawn
+	procd_close_instance
+}

feeds/ucentral/dynamic-vlan/git-src

@@ -0,0 +1 @@
+/ucentral/dynamic-vlan/.git

feeds/ucentral/ucentral-client/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-client.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=a7feee0dd88d3eba0fdeaa7c9953fe88edcb6bcb
+PKG_SOURCE_VERSION:=d2d2e9511e4624307967e097e6cee5ad7d922b55
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>

feeds/ucentral/ucentral-client/files/etc/init.d/ucentral

@@ -17,7 +17,9 @@ start_service() {
 	[ -f /etc/ucentral/capabilities.json ] || /usr/share/ucentral/capabilities.uc
 	
 	[ -f /tmp/ucentral.version ] || cat /etc/openwrt_release | grep DISTRIB_REVISION= | cut -d\' -f2 > /tmp/ucentral.version
-	
+
+	mkdir /tmp/ucentral/
+
 	ucode -m fs -i /usr/share/ucentral/crashlog.uc
 	
 	. /lib/functions.sh

feeds/ucentral/ucentral-freeradius/Makefile

@@ -11,7 +11,7 @@ define Package/ucentral-freeradius
   SECTION:=ucentral
   CATEGORY:=uCentral
   TITLE:=ucentral-freeradius cfg wrapper
-  DEPENDS:=+freeradius3-mod-eap +freeradius3-mod-files
+  DEPENDS:=+freeradius3-mod-eap +freeradius3-mod-files +freeradius3-mod-eap-pwd
 endef
 
 define Package/ucentral-freeradius/description

feeds/ucentral/ucentral-freeradius/files/usr/libexec/ucentral-radiusd.sh

@@ -10,6 +10,8 @@ user_add() {
 	[ -z "$username" -o -z "$password" ] && return
 	echo -e "$username\tCleartext-Password := \"$password\"" >> /etc/freeradius3-ucentral/mods-config/files/authorize
 	echo -e "$username\tCleartext-Password := \"$password\"" >> /etc/freeradius3-ucentral/mods-config/files/accounting
+	chmod 0600 /etc/freeradius3-ucentral/mods-config/files/authorize
+	chmod 0600 /etc/freeradius3-ucentral/mods-config/files/accounting
 }
 
 rm /etc/freeradius3-ucentral/mods-config/files/authorize
@@ -34,6 +36,7 @@ client_add() {
 	}
 }
 " >> /etc/freeradius3-ucentral/clients.conf
+chmod 0600 /etc/freeradius3-ucentral/clients.conf
 }
 
 rm /etc/freeradius3-ucentral/clients.conf

feeds/ucentral/ucentral-schema/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-schema.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=05e30e7560329590852aca98fca613e3af0f4f80
+PKG_SOURCE_VERSION:=3def7c0f68a82154a3b0f0120a87183412d2777a
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/big.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/captive.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/default.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "2G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/dhcp-relay.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "2G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/dhcpsnoop.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"interfaces": [
 		{
 			"name": "WAN",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/eap_local.json

@@ -0,0 +1,96 @@
+{
+	"uuid": 2,
+	"radios": [
+		{
+			"band": "2G",
+			"country": "CA",
+			"channel-mode": "HE",
+			"channel-width": 80,
+			"channel": 32
+		}
+	],
+
+	"interfaces": [
+		{
+			"name": "WAN",
+			"role": "upstream",
+			"services": [ "lldp" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"WAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "dynamic"
+			},
+			"ssids": [
+				{
+					"name": "OpenWifi",
+					"wifi-bands": [
+						"2G"
+					],
+					"bss-mode": "ap",
+					"encryption": {
+						"proto": "wpa2",
+						"ieee80211w": "optional"
+					},
+					"radius": {
+						"local": {
+							"ca-certificate": "/etc/ucentral/cas.pem",
+							"server-certificate": "/etc/ucentral/cert.pem",
+							"private-key": "/etc/ucentral/key.pem",
+							"server-identity": "uCentral-EAP",
+							"users": [
+								{
+									"user-name": "john",
+									"password": "aaaaaaaa"
+								}
+							]
+						}
+					}
+				}
+			]
+		},
+		{
+			"name": "LAN",
+			"role": "downstream",
+			"services": [ "ssh", "lldp" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"LAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "static",
+				"subnet": "192.168.1.1/24",
+				"dhcp": {
+					"lease-first": 10,
+					"lease-count": 100,
+					"lease-time": "6h"
+				}
+			}
+		}
+	],
+	"metrics": {
+		"statistics": {
+			"interval": 120,
+			"types": [ "ssids", "lldp", "clients" ]
+		},
+		"health": {
+			"interval": 120
+		}
+	},
+	"services": {
+		"lldp": {
+			"describe": "uCentral",
+			"location": "universe"
+		},
+		"ssh": {
+			"port": 22
+		}
+	}
+}

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/gre.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/ieee8021x.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"interfaces": [
 		{
 			"name": "WAN",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/igmp.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"interfaces": [
 		{
 			"name": "WAN",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/lldp.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"interfaces": [
 		{
 			"name": "WAN",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/maverick.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/mesh.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/metrics.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"interfaces": [
 		{
 			"name": "WAN",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/multi-psk.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",
@@ -72,8 +72,7 @@
 					"multi-psk": [
 						{
 							"key": "aaaaaaaa",
-							"vlan-id": 123,
-							"mac": "00:11:22:33:44:55"
+							"vlan-id": 100
 						},
 						{
 							"key": "bbbbbbbb"

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/radius-proxy.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "5G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/radius.json

@@ -0,0 +1,90 @@
+{
+	"uuid": 2,
+	"radios": [
+		{
+			"band": "5G",
+			"country": "CA",
+			"channel-mode": "HE",
+			"channel-width": 80,
+			"channel": 32
+		}
+	],
+
+	"interfaces": [
+		{
+			"name": "WAN",
+			"role": "upstream",
+			"ethernet": [
+				{
+					"select-ports": [
+						"WAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "dynamic"
+			},
+			"ssids": [
+				{
+					"name": "OpenWifi",
+					"wifi-bands": [
+						"5G"
+					],
+					"bss-mode": "ap",
+					"encryption": {
+						"proto": "wpa2",
+						"ieee80211w": "optional"
+					},
+					"radius": {
+						"authentication": {
+							"host": "192.168.178.192",
+							"port": 1812,
+							"secret": "secret"
+						},
+						"accounting": {
+							"host": "192.168.178.192",
+							"port": 1813,
+							"secret": "secret"
+						}
+					}
+				}
+			]
+		},
+		{
+			"name": "LAN",
+			"role": "downstream",
+			"services": [ "ssh" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"LAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "static",
+				"subnet": "192.168.1.1/24",
+				"dhcp": {
+					"lease-first": 10,
+					"lease-count": 100,
+					"lease-time": "6h"
+				}
+			}
+
+		}
+	],
+	"metrics": {
+		"statistics": {
+			"interval": 120,
+			"types": [ "ssids", "lldp", "clients" ]
+		},
+		"health": {
+			"interval": 120
+		}
+	},
+	"services": {
+		"ssh": {
+			"port": 22
+		}
+	}
+}

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/rate-limit.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/ssh.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"interfaces": [
 		{
 			"name": "WAN",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/steering.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/vlan.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/vxlan.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/wds-ap.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/wds-repeater.json

@@ -1,5 +1,5 @@
 {
-	"uuid": 1,
+	"uuid": 2,
 	"radios": [
 		{
 			"band": "6G",

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/wpa2-radius.json

@@ -0,0 +1,98 @@
+{
+	"uuid": 2,
+	"radios": [
+		{
+			"band": "2G",
+			"country": "CA",
+			"channel-mode": "HE",
+			"channel-width": 80,
+			"channel": 32
+		}
+	],
+
+	"interfaces": [
+		{
+			"name": "WAN",
+			"role": "upstream",
+			"services": [ "lldp" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"WAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "dynamic"
+			},
+			"ssids": [
+				{
+					"name": "OpenWifi",
+					"wifi-bands": [
+						"2G"
+					],
+					"bss-mode": "ap",
+					"encryption": {
+						"proto": "psk2",
+						"key": "OpenWifi",
+						"ieee80211w": "optional"
+					}
+				}
+			]
+		},
+		{
+			"name": "LAN",
+			"role": "downstream",
+			"services": [ "ssh", "lldp" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"LAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "static",
+				"subnet": "192.168.1.1/24",
+				"dhcp": {
+					"lease-first": 10,
+					"lease-count": 100,
+					"lease-time": "6h"
+				}
+			},
+			"ssids": [
+				{
+					"name": "OpenWifi",
+					"wifi-bands": [
+						"2G"
+					],
+					"bss-mode": "ap",
+					"encryption": {
+						"proto": "psk2",
+						"key": "OpenWifi",
+						"ieee80211w": "optional"
+					}
+				}
+			]
+
+		}
+	],
+	"metrics": {
+		"statistics": {
+			"interval": 120,
+			"types": [ "ssids", "lldp", "clients" ]
+		},
+		"health": {
+			"interval": 120
+		}
+	},
+	"services": {
+		"lldp": {
+			"describe": "uCentral",
+			"location": "universe"
+		},
+		"ssh": {
+			"port": 22
+		}
+	}
+}

feeds/ucentral/ucentral-schema/files/etc/uci-defaults/99-ucentral-network

@@ -24,3 +24,6 @@ config_foreach section_del phyint igmpproxy
 
 config_load radsecproxy
 config_foreach section_del options radsecproxy
+
+config_load usteer
+config_foreach section_del usteer usteer

feeds/ucentral/ucentral-wifi/Makefile

@@ -6,8 +6,8 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-wifi.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-04-13
-PKG_SOURCE_VERSION:=06733b8471fe81cea7f232d838209ce2ead26e94
-PKG_MIRROR_HASH:=a8000b3cf43ce9ebfa7305661475fec98ec1dba2dc7b062028c2e17d7c2ec50b
+PKG_SOURCE_VERSION:=6e7aab974b38078e4a16dfe616320a1f9fc7e204
+#PKG_MIRROR_HASH:=a8000b3cf43ce9ebfa7305661475fec98ec1dba2dc7b062028c2e17d7c2ec50b
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause

feeds/ucentral/ucode/Makefile

@@ -13,7 +13,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=https://github.com/jow-/ucode.git
 PKG_SOURCE_DATE:=2021-03-15
-PKG_SOURCE_VERSION:=2c2e603204be7ec96cab7504e3ee6951412ad4bc
+PKG_SOURCE_VERSION:=42de7ab196a0cc82c1a40adffcea7b481a09e11c
 PKG_MIRROR_HASH:=
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC

feeds/wifi-ax/hostapd/files/hostapd.sh

@@ -359,8 +359,8 @@ hostapd_set_vlan_file() {
 	local ifname="$1"
 	local vlan="$2"
 	json_get_vars name vid
-	echo "${vid} ${ifname}.${name}" >> /var/run/hostapd-${ifname}.vlan
-	wireless_add_vlan "${vlan}" "${ifname}.${name}"
+	echo "${vid} ${ifname}-${name}" >> /var/run/hostapd-${ifname}.vlan
+	wireless_add_vlan "${vlan}" "${ifname}-${name}"
 }
 
 hostapd_set_vlan() {
@@ -490,11 +490,11 @@ append_hs20_conn_capab() {
 }
 
 append_radius_acct_req_attr() {
-	append bss_conf "radius_acct_req_attr=$1" "$N"
+	[ -n "$1" ] && append bss_conf "radius_acct_req_attr=$1" "$N"
 }
 
 append_radius_auth_req_attr() {
-	append bss_conf "radius_auth_req_attr=$1" "$N"
+	[ -n "$1" ] &&  append bss_conf "radius_auth_req_attr=$1" "$N"
 }
 
 append_airtime_sta_weight() {

feeds/wifi-ax/hostapd/patches/710-vlan_no_bridge.patch

@@ -10,19 +10,27 @@
  #define DYNAMIC_VLAN_NAMING_END 2
 --- a/src/ap/vlan_full.c
 +++ b/src/ap/vlan_full.c
-@@ -466,6 +466,9 @@ void vlan_newlink(const char *ifname, st
- 
- 	wpa_printf(MSG_DEBUG, "VLAN: vlan_newlink(%s)", ifname);
+@@ -475,6 +475,9 @@ void vlan_newlink(const char *ifname, st
+ 	if (!vlan)
+ 		return;
  
 +	if (hapd->conf->ssid.vlan_no_bridge)
-+		return;
++		goto out;
 +
- 	for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
- 		if (vlan->configured ||
- 		    os_strcmp(ifname, vlan->ifname) != 0)
+ 	vlan->configured = 1;
+ 
+ 	notempty = vlan->vlan_desc.notempty;
+@@ -506,6 +509,7 @@ void vlan_newlink(const char *ifname, st
+ 				    ifname, br_name, tagged[i], hapd);
+ 	}
+ 
++out:
+ 	ifconfig_up(ifname);
+ }
+ 
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3400,6 +3400,8 @@ static int hostapd_config_fill(struct ho
+@@ -3366,6 +3366,8 @@ static int hostapd_config_fill(struct ho
  #ifndef CONFIG_NO_VLAN
  	} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
  		bss->ssid.dynamic_vlan = atoi(pos);

feeds/wifi-ax/hostapd/patches/810-client-disconnect-when-rssi-is-low.patch

@@ -1,242 +0,0 @@
---- a/src/ap/ubus.c
-+++ b/src/ap/ubus.c
-@@ -146,6 +146,49 @@ hostapd_bss_ban_client(struct hostapd_da
- 	eloop_register_timeout(0, time * 1000, hostapd_bss_del_ban, ban, hapd);
- }
- 
-+static void
-+hostapd_bss_signal_check(void *eloop_data, void *user_ctx)
-+/* This is called by an eloop timeout.  All stations in the list are checked
-+ * for signal level.  This requires calling the driver, since hostapd doesn't
-+ * see packets from a station once it is fully authorized.
-+ * Stations with signal level below the threshold will be dropped.
-+ */
-+{
-+	struct hostapd_data *hapd = user_ctx;
-+	struct hostap_sta_driver_data data;
-+	struct sta_info *sta, *sta_next;
-+	u8 addr[ETH_ALEN];  /* Buffer the address for logging purposes, in case it is destroyed while dropping */
-+	int strikes;        /* same with strike count on this station. */
-+	int num_sta = 0;
-+	int num_drop = 0;
-+	int signal;
-+
-+	for (sta = hapd->sta_list; sta; sta = sta_next) {
-+		sta_next = sta->next;
-+		memcpy(addr, sta->addr, ETH_ALEN);
-+		if (!hostapd_drv_read_sta_data(hapd, &data, addr)) {
-+			signal = data.signal;
-+			num_sta++;
-+			strikes = sta->sig_drop_strikes;
-+			if (signal < hapd->conf->signal_stay_min) { /* signal bad. */
-+				strikes = ++sta->sig_drop_strikes;
-+				if (strikes >= hapd->conf->signal_strikes) {  /* Struck out--, drop. */
-+					hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_INFO,
-+							"Deauthenticating client due to low signal strength %i", data.signal);
-+					ap_sta_deauthenticate(hapd, sta, hapd->conf->signal_drop_reason);
-+					num_drop++;
-+				}
-+			} else {
-+				sta->sig_drop_strikes = 0;  /* signal OK, reset the strike counter. */
-+				strikes = 0;
-+			}
-+		}
-+	}
-+
-+	eloop_register_timeout(hapd->conf->signal_poll_time, 0, hostapd_bss_signal_check, eloop_data, hapd);
-+
-+}
-+
- static int
- hostapd_bss_reload(struct ubus_context *ctx, struct ubus_object *obj,
- 		   struct ubus_request_data *req, const char *method,
-@@ -580,6 +623,70 @@ hostapd_vendor_elements(struct ubus_cont
- 	return UBUS_STATUS_OK;
- }
- 
-+enum {
-+	SIGNAL_CONNECT,
-+	SIGNAL_STAY,
-+	SIGNAL_STRIKES,
-+	SIGNAL_POLL,
-+	SIGNAL_DROP_REASON,
-+	__SIGNAL_SETTINGS_MAX
-+};
-+
-+static const struct blobmsg_policy sig_policy[__SIGNAL_SETTINGS_MAX] = {
-+		[SIGNAL_CONNECT] = {"connect", BLOBMSG_TYPE_INT32},
-+		[SIGNAL_STAY] = {"stay", BLOBMSG_TYPE_INT32},
-+		[SIGNAL_STRIKES] = {"strikes", BLOBMSG_TYPE_INT32},
-+		[SIGNAL_POLL] = {"poll_time", BLOBMSG_TYPE_INT32},
-+		[SIGNAL_DROP_REASON] = {"reason", BLOBMSG_TYPE_INT32}
-+};
-+
-+static int
-+hostapd_bss_set_signal(struct ubus_context *ctx, struct ubus_object *obj,
-+		struct ubus_request_data *req, const char *method,
-+		struct blob_attr *msg)
-+{
-+	struct blob_attr *tb[__SIGNAL_SETTINGS_MAX];
-+	struct hostapd_data *hapd = get_hapd_from_object(obj);
-+	int sig_stay;
-+
-+	blobmsg_parse(sig_policy, __SIGNAL_SETTINGS_MAX, tb, blob_data(msg), blob_len(msg));
-+
-+	if (!tb[SIGNAL_CONNECT])
-+		return UBUS_STATUS_INVALID_ARGUMENT;
-+	hapd->conf->signal_auth_min = blobmsg_get_u32(tb[SIGNAL_CONNECT]);
-+	if (tb[SIGNAL_STAY]) {
-+		sig_stay = blobmsg_get_u32(tb[SIGNAL_STAY]);
-+	} else {
-+		sig_stay = hapd->conf->signal_auth_min - 5;  // Default is 5 dB lower to stay.
-+	}
-+	hapd->conf->signal_stay_min = sig_stay;
-+	if (tb[SIGNAL_STRIKES]) {
-+		hapd->conf->signal_strikes = blobmsg_get_u32(tb[SIGNAL_STRIKES]);
-+		if (hapd->conf->signal_strikes < 1)
-+			return UBUS_STATUS_INVALID_ARGUMENT;
-+	} else {
-+		hapd->conf->signal_strikes = 3;
-+	}
-+	if (tb[SIGNAL_POLL]) {
-+		hapd->conf->signal_poll_time = blobmsg_get_u32(tb[SIGNAL_POLL]);
-+		if (hapd->conf->signal_poll_time < 3)
-+			return UBUS_STATUS_INVALID_ARGUMENT;
-+	} else {
-+		hapd->conf->signal_poll_time = 5;
-+	}
-+	if (tb[SIGNAL_DROP_REASON]) {
-+		hapd->conf->signal_drop_reason = blobmsg_get_u32(tb[SIGNAL_DROP_REASON]);
-+		if ((hapd->conf->signal_drop_reason < 1) || (hapd->conf->signal_drop_reason > 35)) // XXX -- look up real limit
-+			return UBUS_STATUS_INVALID_ARGUMENT;
-+	} else {
-+		hapd->conf->signal_drop_reason = 3;  // Local choice. 5 (AP too busy) is also a good one.
-+	}
-+	eloop_cancel_timeout(hostapd_bss_signal_check, ELOOP_ALL_CTX, ELOOP_ALL_CTX);
-+	eloop_register_timeout(3, 0, hostapd_bss_signal_check, NULL, hapd);  // Start up the poll timer.
-+
-+	return UBUS_STATUS_OK;
-+}
-+
- static void
- hostapd_rrm_print_nr(struct hostapd_neighbor_entry *nr)
- {
-@@ -1049,6 +1156,7 @@ static const struct ubus_method bss_meth
- 	UBUS_METHOD_NOARG("rrm_nr_list", hostapd_rrm_nr_list),
- 	UBUS_METHOD("rrm_nr_set", hostapd_rrm_nr_set, nr_set_policy),
- 	UBUS_METHOD("rrm_beacon_req", hostapd_rrm_beacon_req, beacon_req_policy),
-+	UBUS_METHOD("set_required_signal", hostapd_bss_set_signal, sig_policy),
- #ifdef CONFIG_WNM_AP
- 	UBUS_METHOD("wnm_disassoc_imminent", hostapd_wnm_disassoc_imminent, wnm_disassoc_policy),
- #endif
-@@ -1086,6 +1194,8 @@ void hostapd_ubus_add_bss(struct hostapd
- 	obj->n_methods = bss_object_type.n_methods;
- 	ret = ubus_add_object(ctx, obj);
- 	hostapd_ubus_ref_inc();
-+	if (hapd->conf->signal_stay_min > -128)
-+		eloop_register_timeout(3, 0, hostapd_bss_signal_check, NULL, hapd);  /* Start up the poll timer. */
- }
- 
- void hostapd_ubus_free_bss(struct hostapd_data *hapd)
-@@ -1174,6 +1284,15 @@ int hostapd_ubus_handle_event(struct hos
- 		addr = req->mgmt_frame->sa;
- 	else
- 		addr = req->addr;
-+	if (req->type < ARRAY_SIZE(types))
-+		type = types[req->type];
-+
-+	if (req->ssi_signal && req->type != HOSTAPD_UBUS_PROBE_REQ)  /* don't clutter the log with probes. */
-+		hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_INFO, "%s request, signal %i %s",
-+				type, req->ssi_signal,
-+                		(req->ssi_signal >= hapd->conf->signal_auth_min) ? "(Accepted)" : "(DENIED)");
-+	if (req->ssi_signal && req->ssi_signal < hapd->conf->signal_auth_min)
-+		return WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
- 
- 	ban = avl_find_element(&hapd->ubus.banned, addr, ban, avl);
- 	if (ban)
-@@ -1182,9 +1301,6 @@ int hostapd_ubus_handle_event(struct hos
- 	if (!hapd->ubus.obj.has_subscribers)
- 		return WLAN_STATUS_SUCCESS;
- 
--	if (req->type < ARRAY_SIZE(types))
--		type = types[req->type];
--
- 	blob_buf_init(&b, 0);
- 	blobmsg_add_macaddr(&b, "address", addr);
- 	if (req->mgmt_frame)
---- a/hostapd/config_file.c
-+++ b/hostapd/config_file.c
-@@ -3322,6 +3322,24 @@ static int hostapd_config_fill(struct ho
- 			return 1;
- 		}
- 		bss->send_probe_response = val;
-+	} else if (os_strcmp(buf, "signal_connect") == 0) {
-+		bss->signal_auth_min = atoi(pos);
-+	} else if (os_strcmp(buf, "signal_stay") == 0) {
-+		bss->signal_stay_min = atoi(pos);
-+	} else if (os_strcmp(buf, "signal_poll_time") == 0) {
-+		bss->signal_poll_time = atoi(pos);
-+		if (bss->signal_poll_time < 3) {
-+			wpa_printf(MSG_ERROR, "Line %d: invalid signal poll time", line);
-+			return 1;
-+		}
-+	} else if (os_strcmp(buf, "signal_strikes") == 0) {
-+		bss->signal_strikes = atoi(pos);
-+	} else if (os_strcmp(buf, "signal_drop_reason") == 0) {
-+		bss->signal_drop_reason = atoi(pos);
-+		if (bss->signal_drop_reason < 1 || bss->signal_drop_reason > 54) {
-+			wpa_printf(MSG_ERROR, "Line %d: invalid signal drop reason", line);
-+			return 1;
-+		}
- 	} else if (os_strcmp(buf, "supported_rates") == 0) {
- 		if (hostapd_parse_intlist(&conf->supported_rates, pos)) {
- 			wpa_printf(MSG_ERROR, "Line %d: invalid rate list",
---- a/src/ap/ap_config.c
-+++ b/src/ap/ap_config.c
-@@ -94,6 +94,11 @@ void hostapd_config_defaults_bss(struct
- 	bss->eapol_version = EAPOL_VERSION;
- 
- 	bss->max_listen_interval = 65535;
-+	bss->signal_auth_min = -128;  /* this is lower than any real signal, so all stations will be accepted */
-+	bss->signal_stay_min = -128;
-+	bss->signal_strikes = 3;
-+	bss->signal_poll_time = 5;
-+	bss->signal_drop_reason = 3; /* "Local choice" */
- 
- 	bss->pwd_group = 19; /* ECC: GF(p=256) */
- 
---- a/src/ap/ap_config.h
-+++ b/src/ap/ap_config.h
-@@ -351,7 +351,11 @@ struct hostapd_bss_config {
- 	int wds_sta;
- 	int isolate;
- 	int start_disabled;
--
-+	int signal_auth_min;    /* Minimum signal a STA needs to authenticate */
-+	int signal_stay_min;    /* Minimum signal needed to stay connected. */
-+	int signal_poll_time;   /* Time in seconds between checks of connected STAs */
-+	int signal_strikes;     /* Number of consecutive times signal can be low before dropping the STA. */
-+	int signal_drop_reason; /* IEEE802.11 reason code transmitted when dropping a STA.  */
- 	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
- 			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */
- 
---- a/src/ap/sta_info.c
-+++ b/src/ap/sta_info.c
-@@ -732,6 +732,7 @@ struct sta_info * ap_sta_add(struct host
- 	sta_track_claim_taxonomy_info(hapd->iface, addr,
- 				      &sta->probe_ie_taxonomy);
- #endif /* CONFIG_TAXONOMY */
-+	sta->sig_drop_strikes = 0;
- 
- 	return sta;
- }
---- a/src/ap/sta_info.h
-+++ b/src/ap/sta_info.h
-@@ -286,6 +286,7 @@ struct sta_info {
- 	unsigned int airtime_weight;
- 	struct os_reltime backlogged_until;
- #endif /* CONFIG_AIRTIME_POLICY */
-+	int sig_drop_strikes;  /* Number of times signal was below threshold. */
- };
- 
- 

profiles/ucentral-ap.yml

@@ -15,6 +15,7 @@ packages:
   - cJSON
   - curl
   - dnsmasq-full
+  - dynamic-vlan
   - gre
   - ieee8021x
   - igmpproxy
@@ -36,7 +37,6 @@ packages:
   - ucentral-tools
   - ucode
   - udhcpsnoop
-  - uledd
   - usteer
   - udevmand
   - umdns

profiles/ucentral-gateway.yml

@@ -16,7 +16,6 @@ packages:
   - luci-mod-system
   - luci-theme-bootstrap
   - openssl-util
-  - radsecproxy
   - rpcd
   - rpcd-mod-file
   - rpcd-mod-iwinfo

profiles/ucentral-switch.yml

@@ -3,6 +3,8 @@ description: Add the ucentral dependencies
 feeds:
   - name: ucentral
     path: ../../feeds/ucentral
+  - name: tip
+    path: ../../feeds/tip
 
 include:
   - webui
@@ -10,6 +12,7 @@ include:
 packages:
   - lldpd
   - curl
+  - firstcontact
   - ieee8021x
   - ip-bridge
   - maverick